Read more:A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals.
The operation is abusing the legitimate cloud-based PeopleForce human resources platform and a domain associated with the Salesforce Marketing Cloud service before redirecting the recipient to a malicious landing page.
To further instill trust and increase the chances of success, the threat actor is using the names and pictures of real recruiters at impersonated companies.
Will Thomas, senior advisor at cybersecurity intelligence and threat hunting company Team Cymru, analyzed the campaign and discovered that the phishing email pretends to be from “a recruiter looking to hire people for marketing roles.”
The researcher uncovered that the threat actor is using at least 34 domains impersonating high-value companies in the following sectors:
Airlines and travel: American Airlines, Booking.com, Delta Air Lines, United Airlines
Food and beverage: Coca-Cola, PepsiCo, Red Bull
Apparel and luxury goods: Adidas, Louis Vuitton, Sephora, Levis
Staffing, consulting, and tech: Adobe, Aquent, ManpowerGroup, McKinsey & Company, OpenAI
Hospitality and marketing: Marriott, Omnicom Group
Entertainment and sports: FIFA, Netflix
Thomas found that the campaign relies on nested redirects, a technique that routes visitors through multiple legitimate services before reaching the malicious landing page.
Phishing poses as big-brand job interview to steal Google accounts
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals.